From d45ae6485811189e98f774ecdb46f0ccdfa8b2b3 Mon Sep 17 00:00:00 2001
From: lain
Date: Fri, 17 Apr 2020 13:04:46 +0200
Subject: [PATCH] ChatController: Use OAuth scopes.

---
 .../controllers/chat_controller.ex | 18 +++++++-
 .../controllers/chat_controller_test.exs | 41 +++++++++----------
 2 files changed, 36 insertions(+), 23 deletions(-)

diff --git a/lib/pleroma/web/pleroma_api/controllers/chat_controller.ex b/lib/pleroma/web/pleroma_api/controllers/chat_controller.ex
index 8cf8d82e4..31c723426 100644
--- a/lib/pleroma/web/pleroma_api/controllers/chat_controller.ex
+++ b/lib/pleroma/web/pleroma_api/controllers/chat_controller.ex
@@ -8,6 +8,7 @@ defmodule Pleroma.Web.PleromaAPI.ChatController do
   alias Pleroma.Object
   alias Pleroma.Repo
   alias Pleroma.User
+  alias Pleroma.Plugs.OAuthScopesPlug
   alias Pleroma.Web.CommonAPI
   alias Pleroma.Web.PleromaAPI.ChatView
   alias Pleroma.Web.PleromaAPI.ChatMessageView
@@ -16,10 +17,18 @@ defmodule Pleroma.Web.PleromaAPI.ChatController do
   import Ecto.Query
 
   # TODO
-  # - Oauth stuff
-  # - Views / Representers
   # - Error handling
 
+  plug(
+    OAuthScopesPlug,
+    %{scopes: ["write:statuses"]} when action in [:post_chat_message, :create]
+  )
+
+  plug(
+    OAuthScopesPlug,
+    %{scopes: ["read:statuses"]} when action in [:messages, :index]
+  )
+
   defdelegate open_api_operation(action), to: Pleroma.Web.ApiSpec.ChatOperation
 
   def post_chat_message(%{assigns: %{user: %{id: user_id} = user}} = conn, %{
@@ -62,6 +71,11 @@ def messages(%{assigns: %{user: %{id: user_id} = user}} = conn, %{"id" => id} =
       conn
       |> put_view(ChatMessageView)
       |> render("index.json", for: user, objects: messages, chat: chat)
+    else
+      _ ->
+        conn
+        |> put_status(:not_found)
+        |> json(%{error: "not found"})
     end
   end
 
diff --git a/test/web/pleroma_api/controllers/chat_controller_test.exs b/test/web/pleroma_api/controllers/chat_controller_test.exs
index f30fd6615..0750c7273 100644
--- a/test/web/pleroma_api/controllers/chat_controller_test.exs
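Review bot: `alias Pleroma.Plugs.OAuthScopesPlug` is inserted after `alias Pleroma.User`, which breaks the alphabetical order of the alias list (`Pleroma.Plugs` sorts before `Pleroma.Repo`); if the project runs Credo's `AliasOrder` check this will be flagged. Move the line up so it sits between `alias Pleroma.Object` and `alias Pleroma.Repo`.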
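Review bot: The two `plug(OAuthScopesPlug, ...)` lines only check scopes on a token that is present; as far as I recall Pleroma's scope plug falls through when `assigns[:token]` is nil, so a request with no OAuth token would still reach `messages/2` and fail its `%{assigns: %{user: %{id: user_id}}}` head with a FunctionClauseError (a 500) instead of a clean 401. Unless the router pipeline for these routes already runs `EnsureAuthenticatedPlug`, add `plug(Pleroma.Plugs.EnsureAuthenticatedPlug)` ahead of the scope plugs so authentication is enforced in the controller itself. Separately, gating chats on `read:statuses`/`write:statuses` means any client authorised merely to read timelines can read a user's private chat history; chats are closer to DMs and deserve dedicated `read:chats`/`write:chats` scopes, with the status scopes accepted only if backwards compatibility with existing tokens is required. A short comment above the plugs explaining why the status scopes were chosen would help the next reader.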
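Review bot: The new `else _ ->` branch turns every non-matching `with` clause into a 404, including failures that are not "chat not found" (a query or render step returning an unexpected shape), so genuine bugs will surface to clients as missing chats; the `with` head sits above this hunk, so I cannot see which clauses it covers. Prefer matching the specific shape the lookup returns for a missing or foreign chat (e.g. `nil ->`) and letting anything else fall through to the default error handling that the remaining `# - Error handling` TODO suggests is still planned. Answering 404 rather than 403 when the chat belongs to someone else is the right choice because it does not confirm that the id exists; that intent deserves a one-line comment such as `# 404 (not 403) so a caller cannot probe other users' chat ids`. `post_chat_message/2` presumably needs the same treatment, but it is not in this diff.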
+++ b/test/web/pleroma_api/controllers/chat_controller_test.exs
@@ -10,15 +10,15 @@ defmodule Pleroma.Web.PleromaAPI.ChatControllerTest do
   import Pleroma.Factory
 
   describe "POST /api/v1/pleroma/chats/:id/messages" do
-    test "it posts a message to the chat", %{conn: conn} do
-      user = insert(:user)
+    setup do: oauth_access(["write:statuses"])
+
+    test "it posts a message to the chat", %{conn: conn, user: user} do
       other_user = insert(:user)
 
       {:ok, chat} = Chat.get_or_create(user.id, other_user.ap_id)
 
       result =
         conn
-        |> assign(:user, user)
         |> post("/api/v1/pleroma/chats/#{chat.id}/messages", %{"content" => "Hallo!!"})
         |> json_response(200)
 
@@ -28,8 +28,9 @@ test "it posts a message to the chat", %{conn: conn} do
   end
 
   describe "GET /api/v1/pleroma/chats/:id/messages" do
-    test "it paginates", %{conn: conn} do
-      user = insert(:user)
+    setup do: oauth_access(["read:statuses"])
+
+    test "it paginates", %{conn: conn, user: user} do
       recipient = insert(:user)
 
       Enum.each(1..30, fn _ ->
@@ -40,7 +41,6 @@ test "it paginates", %{conn: conn} do
 
       result =
         conn
-        |> assign(:user, user)
         |> get("/api/v1/pleroma/chats/#{chat.id}/messages")
         |> json_response(200)
 
@@ -48,17 +48,13 @@ test "it paginates", %{conn: conn} do
 
       result =
         conn
-        |> assign(:user, user)
         |> get("/api/v1/pleroma/chats/#{chat.id}/messages", %{"max_id" => List.last(result)["id"]})
         |> json_response(200)
 
       assert length(result) == 10
     end
 
-    # TODO
-    # - Test the case where it's not the user's chat
-    test "it returns the messages for a given chat", %{conn: conn} do
-      user = insert(:user)
+    test "it returns the messages for a given chat", %{conn: conn, user: user} do
       other_user = insert(:user)
       third_user = insert(:user)
 
@@ -71,7 +67,6 @@ test "it returns the messages for a given chat", %{conn: conn} do
 
       result =
         conn
-        |> assign(:user, user)
         |> get("/api/v1/pleroma/chats/#{chat.id}/messages")
         |> json_response(200)
 
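Review bot: Switching the setup to `oauth_access(["write:statuses"])` only exercises the happy path; nothing in this file checks that a token lacking the scope is rejected, so a regression that dropped the `plug(OAuthScopesPlug, ...)` line in the controller would still pass. Add one negative case per describe block, e.g. a conn built from a token carrying only `["read:statuses"]` (however `oauth_access` or the token factory lets you choose scopes) that issues `post("/api/v1/pleroma/chats/#{chat.id}/messages", %{"content" => "Hallo!!"})` and is asserted with `json_response(403)`. A request with no token at all is worth a case too, since it should yield 401/403 rather than a crash in the controller's pattern-matched head.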
@@ -81,17 +76,25 @@ test "it returns the messages for a given chat", %{conn: conn} do
       end)
 
       assert length(result) == 3
+
+      # Trying to get the chat of a different user
+      result =
+        conn
+        |> assign(:user, other_user)
+        |> get("/api/v1/pleroma/chats/#{chat.id}/messages")
+
+      assert result |> json_response(404)
     end
   end
 
   describe "POST /api/v1/pleroma/chats/by-ap-id/:id" do
+    setup do: oauth_access(["write:statuses"])
+
     test "it creates or returns a chat", %{conn: conn} do
-      user = insert(:user)
       other_user = insert(:user)
 
       result =
         conn
-        |> assign(:user, user)
         |> post("/api/v1/pleroma/chats/by-ap-id/#{URI.encode_www_form(other_user.ap_id)}")
         |> json_response(200)
 
@@ -100,9 +103,9 @@ test "it creates or returns a chat", %{conn: conn} do
 
   end
 
   describe "GET /api/v1/pleroma/chats" do
-    test "it paginates", %{conn: conn} do
-      user = insert(:user)
+    setup do: oauth_access(["read:statuses"])
+    test "it paginates", %{conn: conn, user: user} do
       Enum.each(1..30, fn _ ->
         recipient = insert(:user)
         {:ok, _} = Chat.get_or_create(user.id, recipient.ap_id)
@@ -110,7 +113,6 @@ test "it paginates", %{conn: conn} do
 
       result =
         conn
-        |> assign(:user, user)
         |> get("/api/v1/pleroma/chats")
         |> json_response(200)
 
@@ -118,7 +120,6 @@ test "it paginates", %{conn: conn} do
 
       result =
         conn
-        |> assign(:user, user)
         |> get("/api/v1/pleroma/chats", %{max_id: List.last(result)["id"]})
         |> json_response(200)
 
@@ -126,8 +127,7 @@ test "it paginates", %{conn: conn} do
     end
 
     test "it return a list of chats the current user is participating in, in descending order of updates",
-         %{conn: conn} do
-      user = insert(:user)
+         %{conn: conn, user: user} do
       har = insert(:user)
       jafnhar = insert(:user)
       tridi = insert(:user)
@@ -144,7 +144,6 @@ test "it return a list of chats the current user is participating in, in descend
 
       result =
         conn
-        |> assign(:user, user)
         |> get("/api/v1/pleroma/chats")
         |> json_response(200)
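Review bot: The new "different user" case reuses the `conn` prepared by `setup`, which (if `oauth_access/1` behaves like the other connection helpers) already carries `user`'s OAuth token; overriding only `:user` with `assign(:user, other_user)` leaves the token and the assigned user mismatched, so the test passes on a state the real auth pipeline can never produce. Build the request with credentials that actually belong to `other_user` instead — e.g. `%{conn: other_conn} = oauth_access(["read:statuses"], user: other_user)` if the helper takes a `user:` option, or insert an `:oauth_token` for `other_user` and assign both `:user` and `:token`. The assertion `assert result |> json_response(404)` is also loose; `assert %{"error" => "not found"} = json_response(result, 404)` pins the body the controller now returns.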